DHS warns of vulnerabilities in widely used Niagara software

Software that controls millions of industrial devices remotely has flaws that allow attackers to gain user account information

By Jaikumar Vijayan, Computerworld | Security, software

In its alert, Tridium stressed the importance of companies limiting user permissions, especially when it comes to the Niagara AX file system. "If a user has access to the entire file system, they have access to the entire station configuration," the company warned.

"Specifically, the config.bog file, located in the station's root directory, can be a security risk," and security should be configured to ensure strict role-based access control to the file system, the company noted.

The DHS alert was issued on Friday, two days after the Washington Post detailed the vulnerabilities in Niagara in an investigative piece. The story was based on input from Billy Rios and Terry McCorkle, the two security researchers who discovered the flaws in Niagara and reported them to the DHS.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.



Originally published on Computerworld.